CLAIMS 



1. A system for downloading security context elements that govern execution of agents, comprising:

a list of identities of users authorized to execute said agents;

downloadable cross certificates for verifying electronic signatures;

signed agents in applications including signatory name and corresponding electronic signature;

agent execution code responsive to said cross certificates and said electronic signature for activating said signed agents.



2. A system for downloading security context elements that govern execution of downloadable and distributable agents, comprising:

a restricted agent list store for storing names of user identities of users authorized to execute restricted agents;

an unrestricted agent list store for storing names of user identities of users authorized to execute unrestricted agents;

downloadable cross certificates for use in verifying electronic signatures of names in said list stores;

replicatable agents in applications containing signatures specifying name of signatory and corresponding electronic signature for comparison with said downloadable cross certificates;

agent execution code for activating agents dependent upon successful comparison of signatures to cross certificates.



3. A server system for preparing security context elements for distribution to clients, comprising:

application code;

agent code referenced by said application code and including signatures specifying name and corresponding electronic signature of signatories authorized to use said agent code;

a group list store for storing names of authorized signatories; and

a downloadable cross certificate store for storing certificates for each user or organization listed in said group list store and selected for downloading.

4. A client system for using security context elements distributed from a server with respect to downloadable application code, comprising:

a client side rendition of a server application using a signed agent;

said signed agent including signatures specifying name and corresponding electronic signature of signatories authorized to use said agent code;

a group list store for storing names of signatories;

a cross certificate store for storing certificates for signatories in said group list store;

agent execution code for activating said signed agent dependent upon successful comparison of signatures to cross certificates.

5. The client system of claim 4, further comprising:

said agent execution code being responsive to scheduled or on-demand access to said signed agent for first accessing said server to update said group list store and said cross certificate store.

6. The client system of claim 5, further comprising:

said group list store storing the union of names of signatories authorized to execute agents referenced by applications downloadable from a plurality of servers.



7. The client system of claim 6, further comprising:

said group list store comprising a restricted group store and an unrestricted group store.



8. The client system of claim 7, further comprising:

said agent execution code being operable responsive to authentication of said signature in said signed agent for determining the execution level allowed and being operable responsive to failure of authentication of said signature for preventing execution of said agent code.

9. A method for governing execution of downloadable and distributable signed agents characterized by security context elements, comprising the steps of:

determining that said signed agent is scheduled or selected for execution;

validating a signature in said signed agent against a store of downloadable cross certificates; and

executing said signed agent only responsive to validation of said signature.



10. The method of claim 9, further comprising the steps of:

replicating from a first server an application referencing said signed agent; and

responsive to determining that said signed agent is scheduled or selected for execution, accessing said first server to update said store of downloadable cross certificates and thereafter validating said signature.

11. The method of claim 10, further comprising the steps of:

replicating from a second server a second application referencing a second signed agent;

maintaining a unionized group list store of names of signatories authorized to execute signed lists; and

responsive to determining that either said signed agent or said second signed agent is scheduled or selected for execution, first accessing the said first server or said second server from which said scheduled or selected agent was downloaded to update said unionized group list store.



12. A program storage device readable by a machine, tangibly embodying a program of instructions executable by a machine to perform method steps for governing execution of downloadable and distributable signed agents characterized by security context elements, said method steps comprising:

determining that said signed agent is scheduled or selected for execution;

validating a signature in said signed agent against a store of downloadable cross certificates; and

executing said signed agent only responsive to validation of said signature.



13. The program storage device of claim 12, said method steps further comprising:

replicating from a first server an application referencing said signed agent; and

responsive to determining that said signed agent is scheduled or selected for execution, accessing said first server to update said store of downloadable cross certificates and thereafter validating said signature.

14. The program storage device of claim 13, said method steps further comprising:

replicating from a second server a second application referencing a second signed agent;

maintaining a unionized group list store of names of signatories authorized to execute signed lists; and

responsive to determining that either said signed agent or said second signed agent is scheduled or selected for execution, first accessing the said first server or said second server from which said scheduled or selected agent was downloaded to update said unionized group list store.
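
Added example, not part of the claims or of any implementation they describe: a Python sketch of the execution gate recited in claims 8 to 11 (refresh the stores from the origin server, validate the signature, then choose an execution level or refuse). The class names, field names, keys and the use of HMAC-SHA256 in place of a public-key signature are all assumptions made for illustration.

```python
import hashlib
import hmac

# Added illustration; all names and keys are constructed. A cross certificate is
# modelled as a per-signatory key and HMAC-SHA256 stands in for the public-key
# signature a real system would verify.

def sign(code: bytes, key: bytes) -> str:
    return hmac.new(key, code, hashlib.sha256).hexdigest()

class Server:
    """Origin server publishing group lists and cross certificates."""
    def __init__(self, restricted, unrestricted, cross_certs):
        self.restricted, self.unrestricted = set(restricted), set(unrestricted)
        self.cross_certs = dict(cross_certs)

class Client:
    def __init__(self):
        self.restricted, self.unrestricted = set(), set()  # unionized group lists
        self.cross_certs = {}                              # cross certificate store

    def refresh_from(self, server):
        """Merge the origin server's lists and certificates into the local stores."""
        self.restricted |= server.restricted
        self.unrestricted |= server.unrestricted
        self.cross_certs.update(server.cross_certs)

    def run_agent(self, agent, origin):
        """Return the execution level allowed, or None if execution is refused."""
        self.refresh_from(origin)          # access the origin first, then validate
        key = self.cross_certs.get(agent["signer"])
        if key is None:
            return None                    # no cross certificate for this signatory
        if not hmac.compare_digest(sign(agent["code"], key), agent["signature"]):
            return None                    # authentication failed: do not execute
        if agent["signer"] in self.unrestricted:
            return "unrestricted"
        if agent["signer"] in self.restricted:
            return "restricted"
        return None                        # signature valid, signer in no group list

def demo():
    a = Server({"alice"}, set(), {"alice": b"key-a"})
    b = Server(set(), {"bob"}, {"bob": b"key-b"})
    client = Client()
    good = {"signer": "alice", "code": b"agent-1", "signature": sign(b"agent-1", b"key-a")}
    tampered = dict(good, code=b"agent-1-modified")
    bobs = {"signer": "bob", "code": b"agent-2", "signature": sign(b"agent-2", b"key-b")}
    return [client.run_agent(good, a), client.run_agent(tampered, a),
            client.run_agent(bobs, b)]
```

In this sketch the group lists are a union, so a name contributed by one server is honoured for agents replicated from any server, and entries are only ever added, never withdrawn.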